CVE-2023-49188 MEDIUM

CVE-2023-49188: WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Vendor Zealousweb
Product Track Geolocation Of Users Using Contact Form 7
Weakness CWE-79 · XSS
Published December 15, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.

Key dates

02Disclosure timeline

December 15, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-25100 Stored XSS via SVG File Upload in Bludit CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-13919 Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page CVE-2026-41683 HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header CVE-2022-36094 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history